HIPAA is not only about healthcare; it is a federal law that regulates patients' privacy and information security. If you work in the healthcare sector and have access to patients' private health information, you should have a complete understanding of HIPAA requirements.

Every year HIPAA violations cost individuals and business owners billions of dollars in fines and remediation efforts. HIPAA violations are often the result of mishandling files, but sometimes they involve employees making wrong decisions when using social networks, so proper social media training on the appropriate use of technology in the workplace is essential.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects insurance coverage for employees when they change or lose their job and establishes privacy and security standards for health information. HIPAA involves four rules:

Reasons Behind HIPAA Violation

HIPAA defines specific types of protected health information (PHI) and prohibits any unauthorized disclosure of a patient's information by any healthcare employee. Although it sounds simple, the devil is in the details: PHI includes not only the patient's name and address but also a wide range of other details such as the patient's record number, vehicle license plate number, date of service, and so on. It is important for every healthcare professional to understand the causes of HIPAA violations and what should be done to avoid such unintentional unauthorized disclosures.

HIPAA and Social Media Violations

HIPAA violations on social media breach both the Privacy and Security rules. Because of the perceived security of social networks and a lack of understanding of HIPAA guidelines, employees may be unaware that their behavior violates HIPAA. Several myths surrounding HIPAA can be dispelled with a good social media policy and proper employee training. Below are some examples of HIPAA violations. A quick review of these will illustrate how they could have been prevented:

Myth #1: Discussion about patients without using their names is okay

There was a well-known incident in California where 5 nurses were fired from a medical center for discussing patients on Facebook. Although the hospital didn't claim there was any identifying information in the post, it still chose to fire the employees. A similar incident happened in Michigan when a nurse was fired for a Facebook update in which she posted about, but did not name, a patient at her hospital who had been charged with murdering a police officer.

In both of the above cases, the hospitals felt that the social media updates were unauthorized disclosures of PHI.

Myth #2: Public figures don’t have the same protections

An employee of UMC resigned from her job due to a privacy-violating tweet. She responded to Governor Haley Barbour's tweet with a remark regarding his private after-hours appointment, and the UMC officials considered this to be a violation of privacy laws. Although the governor is a public figure, his medical history is protected under HIPAA.

Myth #3: Pictures of the workplace are okay as long as they aren’t of patients

Four nursing students were expelled from their program for posting their pictures, which included a human placenta, on Facebook. They were expelled for their lack of professional behavior. Sometimes more can be seen in a picture than the photographer intends.

How to prevent HIPAA violations on social media

The first and foremost step is to develop a thorough HIPAA social media policy. The policy should describe PHI in detail so that all employees understand everything that is covered under HIPAA. Your social media policy should also explain that even when social network accounts are set to “private”, posts made there are still public disclosures.

Having a policy is an important step, but it should be followed by thorough HIPAA training so that employees have the opportunity to ask questions and learn about HIPAA violation examples. If employees are fully aware of the laws and the consequences, this will greatly reduce the number of violations and protect both the company and its employees.